uClibc 0.9.19 has a bug in globfree(). If the previous call to

glob(...,pglob) used the GLOB_DOOFFS flag to reserve the first
pglob->gl_offs slots of pglob->gl_pathv, globfree(pglob) would attempt
to free the objects pointed to by those slots. If those objects were not
on the heap, the system would crash.

The attached patch fixes this.

Norm

libc/misc/glob/glob.c

@@ -260,8 +260,8 @@ globfree (pglob)
 {
   if (pglob->gl_pathv != NULL)
     {
-      register int i;
-      for (i = 0; i < pglob->gl_pathc; ++i)
+      register int i = pglob->gl_flags & GLOB_DOOFFS? pglob->gl_offs : 0;
+      for (; i < pglob->gl_pathc; ++i)
 	if (pglob->gl_pathv[i] != NULL)
 	  free ((__ptr_t) pglob->gl_pathv[i]);
       free ((__ptr_t) pglob->gl_pathv);